Use injection for RollerSessionManager.

Author: snoopdave

app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSession.java

@@ -26,6 +26,8 @@
 import javax.servlet.http.HttpSessionActivationListener;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
+
+import com.opensymphony.xwork2.inject.Inject;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.roller.weblogger.WebloggerException;
@@ -43,37 +45,39 @@ public class RollerSession
         implements HttpSessionListener, HttpSessionActivationListener, Serializable {
 
     private static final long serialVersionUID = 5890132909166913727L;
+    private static final Log log;
 
     // the id of the user represented by this session
     private String userName = null;
-    
-    private static final Log log;
-    
+    private final SessionManager sessionManager;
+
     public static final String ROLLER_SESSION = "org.apache.roller.weblogger.rollersession";
 
     static{
         WebloggerConfig.init(); // must be called before calls to logging APIs
         log = LogFactory.getLog(RollerSession.class);
     }
-   
-    /**
-     * Get RollerSession from request (and add user if not already present).
-     */
-    public static RollerSession getRollerSession(HttpServletRequest request) {
-        RollerSession rollerSession = null;
+
+
+    @Inject
+    public RollerSession(SessionManager sessionManager) {
+        this.sessionManager = sessionManager;
+    }
+
+    @Inject
+    public RollerSession(SessionManager sessionManager, HttpServletRequest request) {
+        this.sessionManager = sessionManager;
+
         HttpSession session = request.getSession(false);
         if (session != null) {
-            rollerSession = (RollerSession)session.getAttribute(ROLLER_SESSION);
-
-            if (rollerSession == null) {
-                rollerSession = new RollerSession();
-                session.setAttribute(ROLLER_SESSION, rollerSession);
-            } else if (rollerSession.getAuthenticatedUser() != null) {
-                RollerSessionManager sessionManager = RollerSessionManager.getInstance();
-                if (sessionManager.get(rollerSession.getAuthenticatedUser().getUserName()) == null) {
-                    // session not present in cache means that it is invalid
-                    rollerSession = new RollerSession();
-                    session.setAttribute(ROLLER_SESSION, rollerSession);
+            RollerSession storedSession = (RollerSession)session.getAttribute(ROLLER_SESSION);
+
+            if (storedSession == null) {
+                session.setAttribute(ROLLER_SESSION, this);
+            } else if (storedSession.getAuthenticatedUser() != null) {
+                if (sessionManager.get(storedSession.getAuthenticatedUser().getUserName()) == null) {
+                    // override it with the new session
+                    session.setAttribute(ROLLER_SESSION, this);
                 }
             }
 
@@ -83,7 +87,7 @@ public static RollerSession getRollerSession(HttpServletRequest request) {
             // user object from user manager but *only* do this if we have been 
             // bootstrapped because under an SSO scenario we may have a 
             // principal even before we have been bootstrapped.
-            if (rollerSession.getAuthenticatedUser() == null && principal != null && WebloggerFactory.isBootstrapped()) { 
+            if (getAuthenticatedUser() == null && principal != null && WebloggerFactory.isBootstrapped()) {
                 try {
 
                     UserManager umgr = WebloggerFactory.getWeblogger().getUserManager();
@@ -114,16 +118,14 @@ public static RollerSession getRollerSession(HttpServletRequest request) {
                     }
                     // only set authenticated user if user is enabled
                     if (user != null && user.getEnabled()) {
-                        rollerSession.setAuthenticatedUser(user);
+                        setAuthenticatedUser(user);
                     }
 
                 } catch (WebloggerException e) {
                     log.error("ERROR: getting user object",e);
                 }
             }
         }
-        
-        return rollerSession;
     }
 
     /**
@@ -149,7 +151,6 @@ public User getAuthenticatedUser() {
      */
     public void setAuthenticatedUser(User authenticatedUser) {
         this.userName = authenticatedUser.getUserName();
-        RollerSessionManager sessionManager = RollerSessionManager.getInstance();
         sessionManager.register(authenticatedUser.getUserName(), this);
     }
 

app/src/main/java/org/apache/roller/weblogger/ui/core/RollerSessionManager.java

@@ -1,3 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  The ASF licenses this file to You
+ * under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.  For additional information regarding
+ * copyright in this work, please see the NOTICE file in the top level
+ * directory of this distribution.
+ */
+
 package org.apache.roller.weblogger.ui.core;
 
 import org.apache.commons.logging.Log;
@@ -10,20 +28,12 @@
 import java.util.HashMap;
 import java.util.Map;
 
-public class RollerSessionManager {
+public class RollerSessionManager implements SessionManager {
    private static final Log log = LogFactory.getLog(RollerSessionManager.class);
    private static final String CACHE_ID = "roller.session.cache";
 
    private final Cache sessionCache;
 
-   public static RollerSessionManager getInstance() {
-      return RollerSessionManager.SingletonHolder.INSTANCE;
-   }
-
-   private static class SingletonHolder {
-      private static final RollerSessionManager INSTANCE = new RollerSessionManager();
-   }
-
    private class SessionCacheHandler extends CacheHandlerAdapter {
      public void invalidateUser(User user) {
          if (user != null && user.getUserName() != null) {
@@ -32,7 +42,7 @@ public void invalidateUser(User user) {
       }
    }
 
-   private RollerSessionManager() {
+   public RollerSessionManager() {
       Map<String, String> cacheProps = new HashMap<>();
       cacheProps.put("id", CACHE_ID);
       this.sessionCache = CacheManager.constructCache(null, cacheProps);

app/src/main/java/org/apache/roller/weblogger/ui/core/SessionManager.java

@@ -0,0 +1,26 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  The ASF licenses this file to You
+ * under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.  For additional information regarding
+ * copyright in this work, please see the NOTICE file in the top level
+ * directory of this distribution.
+ */
+
+package org.apache.roller.weblogger.ui.core;
+
+public interface SessionManager {
+   void register(String userName, RollerSession session);
+   RollerSession get(String userName);
+   void invalidate(String userName);
+}
+

app/src/main/java/org/apache/roller/weblogger/ui/core/filters/LoadSaltFilter.java

@@ -23,23 +23,31 @@
 import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.roller.weblogger.ui.core.RollerSession;
 import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
+import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory;
 
-/**
- * Filter generates a unique salt value for use in any HTTP form generated by 
- * Roller. See also: ValidateSalt filter.
- */
 public class LoadSaltFilter implements Filter {
 
+    private static final Log log = LogFactory.getLog(LoadSaltFilter.class);
+    private RollerSession rollerSession;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        rollerSession = UIBeanFactory.getBean(RollerSession.class);
+    }
+
     @Override
     public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
-        throws IOException, ServletException {
+            throws IOException, ServletException {
 
         HttpServletRequest httpReq = (HttpServletRequest) request;
-        RollerSession rollerSession = RollerSession.getRollerSession(httpReq);
+
         if (rollerSession != null) {
-            String userId = rollerSession.getAuthenticatedUser() != null ? rollerSession.getAuthenticatedUser().getId() : "";
+            String userId = rollerSession.getAuthenticatedUser() != null ?
+                          rollerSession.getAuthenticatedUser().getId() : "";
             SaltCache saltCache = SaltCache.getInstance();
             String salt = RandomStringUtils.random(20, 0, 0, true, true, null, new SecureRandom());
             saltCache.put(salt, userId);
@@ -48,11 +56,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
         chain.doFilter(request, response);
     }
- 
-    @Override
-    public void init(FilterConfig filterConfig) throws ServletException {
-    }
- 
+
     @Override
     public void destroy() {
     }

app/src/main/java/org/apache/roller/weblogger/ui/core/filters/ValidateSaltFilter.java

@@ -37,6 +37,7 @@
 import org.apache.roller.weblogger.config.WebloggerConfig;
 import org.apache.roller.weblogger.ui.rendering.util.cache.SaltCache;
 import org.apache.roller.weblogger.ui.core.RollerSession;
+import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory;
 
 /**
  * Filter checks all POST request for presence of valid salt value and rejects those without
@@ -45,6 +46,7 @@
 public class ValidateSaltFilter implements Filter {
     private static final Log log = LogFactory.getLog(ValidateSaltFilter.class);
     private Set<String> ignored = Collections.emptySet();
+    private RollerSession rollerSession;
 
     @Override
     public void doFilter(ServletRequest request, ServletResponse response,
@@ -58,9 +60,9 @@ public void doFilter(ServletRequest request, ServletResponse response,
         }
 
         if ("POST".equals(httpReq.getMethod()) && !isIgnoredURL(requestURL)) {
-            RollerSession rollerSession = RollerSession.getRollerSession(httpReq);
             if (rollerSession != null) {
-                String userId = rollerSession.getAuthenticatedUser() != null ? rollerSession.getAuthenticatedUser().getId() : "";
+                String userId = rollerSession.getAuthenticatedUser() != null ?
+                              rollerSession.getAuthenticatedUser().getId() : "";
 
                 String salt = httpReq.getParameter("salt");
                 SaltCache saltCache = SaltCache.getInstance();
@@ -71,7 +73,6 @@ public void doFilter(ServletRequest request, ServletResponse response,
                     throw new ServletException("Security Violation");
                 }
 
-                // Remove salt from cache after successful validation
                 saltCache.remove(salt);
                 if (log.isDebugEnabled()) {
                     log.debug("Salt used and invalidated: " + salt);
@@ -86,6 +87,7 @@ public void doFilter(ServletRequest request, ServletResponse response,
     public void init(FilterConfig filterConfig) throws ServletException {
         String urls = WebloggerConfig.getProperty("salt.ignored.urls");
         ignored = Set.of(StringUtils.stripAll(StringUtils.split(urls, ",")));
+        rollerSession = UIBeanFactory.getBean(RollerSession.class);
     }
 
     @Override

app/src/main/java/org/apache/roller/weblogger/ui/struts2/ajax/CommentDataServlet.java

@@ -23,6 +23,9 @@
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
 import org.apache.commons.text.StringEscapeUtils;
 import org.apache.commons.text.WordUtils;
 import org.apache.roller.weblogger.business.Weblogger;
@@ -32,6 +35,7 @@
 import org.apache.roller.weblogger.pojos.WeblogEntryComment;
 import org.apache.roller.weblogger.pojos.WeblogPermission;
 import org.apache.roller.weblogger.ui.core.RollerSession;
+import org.apache.roller.weblogger.ui.struts2.util.UIBeanFactory;
 import org.apache.roller.weblogger.util.Utilities;
 
 
@@ -40,7 +44,12 @@
  */
 public class CommentDataServlet extends HttpServlet {
 
-    public void checkAuth(HttpServletRequest request, Weblog weblog) {
+    private static final Log log = LogFactory.getLog(CommentDataServlet.class);
+    private RollerSession rollerSession;
+
+    @Override
+    public void init() throws ServletException {
+        rollerSession = UIBeanFactory.getBean(RollerSession.class);
     }
 
     /**
@@ -62,9 +71,8 @@ public void doGet(HttpServletRequest request,
                 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
             } else {
                 // need post permission to view comments
-                RollerSession rses = RollerSession.getRollerSession(request);
                 Weblog weblog = c.getWeblogEntry().getWebsite();
-                if (weblog.hasUserPermission(rses.getAuthenticatedUser(), WeblogPermission.POST)) {
+                if (weblog.hasUserPermission(rollerSession.getAuthenticatedUser(), WeblogPermission.POST)) {
                     String content = Utilities.escapeHTML(c.getContent());
                     content = StringEscapeUtils.escapeEcmaScript(content);
                     String json = "{ id: \"" + c.getId() + "\"," + "content: \"" + content + "\" }";
@@ -101,9 +109,8 @@ public void doPut(HttpServletRequest request,
                 response.setStatus(HttpServletResponse.SC_NOT_FOUND);
             } else {
                 // need post permission to edit comments
-                RollerSession rses = RollerSession.getRollerSession(request);
                 Weblog weblog = c.getWeblogEntry().getWebsite();
-                if (weblog.hasUserPermission(rses.getAuthenticatedUser(), WeblogPermission.POST)) {
+                if (weblog.hasUserPermission(rollerSession.getAuthenticatedUser(), WeblogPermission.POST)) {
                     String content = Utilities.streamToString(request.getInputStream());
                     c.setContent(content);
                     // don't update the posttime when updating the comment

app/src/main/java/org/apache/roller/weblogger/ui/struts2/util/UIActionInterceptor.java

@@ -18,6 +18,7 @@
 
 package org.apache.roller.weblogger.ui.struts2.util;
 
+import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang3.StringUtils;
@@ -40,6 +41,17 @@ public class UIActionInterceptor extends MethodFilterInterceptor implements
 
     private static final long serialVersionUID = -6452966127207525616L;
     private static Log log = LogFactory.getLog(UIActionInterceptor.class);
+    private RollerSession rollerSession;
+
+    @Override
+    public void init() {
+        try {
+            rollerSession = UIBeanFactory.getBean(RollerSession.class);
+        } catch (ServletException e) {
+            log.error("Failed to initialize UIActionInterceptor", e);
+            throw new RuntimeException("Failed to initialize UIActionInterceptor", e);
+        }
+    }
 
     @Override
     public String doIntercept(ActionInvocation invocation) throws Exception {
@@ -63,10 +75,8 @@ public String doIntercept(ActionInvocation invocation) throws Exception {
 
             UIAction theAction = (UIAction) action;
 
-            // extract the authenticated user and set it
-            RollerSession rses = RollerSession.getRollerSession(request);
-            if (rses != null) {
-                theAction.setAuthenticatedUser(rses.getAuthenticatedUser());
+            if (rollerSession != null) {
+                theAction.setAuthenticatedUser(rollerSession.getAuthenticatedUser());
             }
 
             // extract the work weblog and set it
@@ -88,5 +98,4 @@ public String doIntercept(ActionInvocation invocation) throws Exception {
 
         return invocation.invoke();
     }
-
 }

app/src/main/resources/struts.xml

@@ -21,6 +21,8 @@
         "http://struts.apache.org/dtds/struts-2.5.dtd">
 <struts>
 
+    <constant name="struts.objectFactory" value="org.apache.roller.weblogger.ui.struts2.util.UICustomObjectFactory"/>
+
     <!-- Weblogger default package -->
     <package name="weblogger" namespace="/roller-ui" extends="struts-default">